> The given incoming 91.189.90.139 <[email protected]> will sometimes fire > up to 3 attempts per second, stop for minutes break then resume.
> Thoughts please Do you have a *nix box, and do you have fail2ban installed? This is by far the best utility I have installed from the point of view of keeping the server quiet. Every time a monitored log (say, ssh, cyrus-imap, etc., according to your fail2ban settings), fail2ban examines the log for failures (recognised by regexes you have put into fail2ban settings). If there is a failure, fail2ban determines how many times the failure occurred in a time that you set up for fail2ban. If that threshold is met, fail2ban immediately puts the sending IP into ipfw for a period you define in the fail2ban set up. For example, I deny ssh failures for an hour, and POP/cyrus/imap failures for five hours (the latter because most POP dictionary attacks seem to last up to about four and a half hours on my server). The server has been SOOOO much more reliable and 'quiet' since I installed fail2ban. Based on my experience, I'd recommend it for anyone using a *nix server. T. ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
